10 SUMMARY OF SIGNIFICANT OIG ACTIVITY
April 1, 2012 – September 30, 2012 Semiannual Report to the Congress DIRECTORATE FOR MANAGEMENT MANAGEMENT REPORTS Information Technology <strong>Management</strong> Letter for the FY 2011 DHS Financial Statement Audit We contracted with the independent public accounting firm KPMG LLP (KMPG) to perform a review <strong>of</strong> DHS’ IT general controls in support <strong>of</strong> the fiscal year (FY) 2011 DHS financial statement audit. The overall objective <strong>of</strong> this review was to evaluate the effectiveness <strong>of</strong> IT general controls <strong>of</strong> DHS’ financial processing environment and related IT infrastructure as necessary to support the engagement. KPMG also performed technical security testing for key network and system devices, as well as testing over key financial application controls. KPMG noted that DHS took corrective action to address many prior years’ IT control weaknesses. However, during FY 2011, KPMG <strong>continued</strong> to identify IT general control weaknesses at each component. The most significant weaknesses from a financial statement audit perspective related to entity-wide security, access controls, and service continuity. Collectively, the IT control weaknesses limit DHS’ ability to ensure that critical financial and operational data are maintained in such a manner to ensure confidentiality, integrity, and availability. In addition, these weaknesses negatively affect the internal controls over DHS’ financial reporting and its operation, and combined KPMG considers them to collectively represent a material weakness under standards established by the American Institute <strong>of</strong> Certified Public Accountants. (OIG-12-81, May 2012, ITA) http://www.oig.dhs.gov/assets/Mgmt/2012/ OIG_12-81_May12.pdf DHS Information Technology <strong>Management</strong> Has Improved, but Challenges Remain We assessed the progress made in establishing the Chief Information Offcer’s oversight and authority, achieving integration, improving IT management functions, and addressing our prior recommendations. Since our 2008 report, the DHS Chief Information Offcer has increased oversight and authority by reviewing DHS component programs and acquisitions. Also, DHS has achieved some infrastructure integration goals with data center and network consolidation and matured key information technology management functions, such as portfolio management. However, the Chief Information Offcer’s ability to affect budget decisions remains a challenge. The combination <strong>of</strong> the Chief Information Offcer’s exclusion from the early budget planning stages and missing component budget information limits the Chief Information Offcer’s ability to make meaningful decisions and recommendations. We recommended that the Deputy Under Secretary for <strong>Management</strong> assign the DHS Chief Information Offcer centralized control over DHS’ IT budget planning process to review, guide, and approve IT investments. The Deputy Under Secretary for <strong>Management</strong> concurred with the recommendation, but stated that the Offce <strong>of</strong> the Chief Information Offcer is firmly integrated with the processes for making budget, financial, and program management decisions within the agency. We disagree and emphasized the need for the Chief Information Offcer to participate earlier in the budget planning process. (OIG-12-82, May 2012, ITA) http://www.oig.dhs.gov/assets/Mgmt/2012/ OIG_12-82_May12.pdf CBP Acquisition <strong>of</strong> Aviation <strong>Management</strong> Tracking System Our audit objective was to determine whether DHS and its components have designed effciencies for the acquisition, conversion, and maintenance <strong>of</strong> Customs and Border Protection’s (CBP) and United States Coast Guard’s (USCG) H-60 helicopters. During our audit “Developing Effciencies for the Acquisition, Conversion, and Maintenance <strong>of</strong> CBP and USCG H-60 Helicopters,” we determined that CBP was planning to purchase a new, separate aviation maintenance tracking system that will not be coordinated with USCG’s already operational system. This is contrary to CBP/USCG’s Joint Strategy (2010) to unify CBP’s aviation logistics and maintenance system with that <strong>of</strong> USCG, as well as the Secretary’s directives to improve coordination and effciencies among DHS components. The Joint Strategy concluded that the first step should be to 11